Certified Ethical Hacker v12 – Practice Test Questions

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Consolidate your knowledge across multiple domains with this set. Covering a broad spectrum of topics, these questions provide a holistic review, preparing you to tackle the diverse challenges faced by ethical hackers.

1Q: Mandy is an employed Ethical Hacker. She is leading her team in the task of security testing their company’s website. Mandy discovers that the network suffers from a vulnerability to Man in the Middle Attacks, because users are not authenticated within the key exchange process of the cryptographic algorithm. Which of the below cryptographic algorithms is being used?

a. Twofish
b. Diffie-Hellman
c. RSA
d. Blowfish

Solution: The correct answer is B.

2Q: Which sort of attack is the Man in the Middle Attack?

a. Active
b. Passive
c. Active and passive
d. Neither active nor passive.

Solution: The correct answer is A.

3Q: Which of the below can be utilized by hackers to accomplish session hijacking? (Select more than one answer if applicable.)

a. Session fixation
b. Session sidejacking
c. Cross-site scripting
d. ARP spoofing

Solution: The correct answers are A, B, and C.

4Q: Which of the below attack methods will force a user’s session ID to a set value?

a. Max Age attack
b. Zero-day attack
c. FMS attack
d. Session Fixation attack

Solution: The correct answer is D.

5Q: In this style of hijacking, the authentication check is executed only when a session is open. A hijacker who effectively launches this attack will be able to control a connection throughout the session’s duration. After successfully stealing the session cookie, an attacker can masquerade as a user or hijack a session throughout its lifetime. Which of the below countermeasures would be useful in preventing this type of hijacking? Each correct answer represents a complete solution. Choose two.

a. Ignore unknown or suspicious links sent through email or instant message.
b. Regenerate the session cookie once a browser session has closed.
c. Decrease the cookie’s life span.
d. Regenerate a session ID after a user has logged in.

Solution: The correct answer is C.

6Q: Mandy is responsible for testing a web application for potential vulnerabilities. She runs a sniffer, attempts to predict the session ID, and then attempts to connect using the details of an authorized user as if they were her own. What vulnerability is she concerned with based on the information provided above?

a. Cross site scripting
b. Insecure direct object reference
c. Session hijacking
d. SQL injection

Solution: The correct answer is C.

7Q: What is another word for which of the below consists of exploiting insufficient security validation/sanitization of user-supplied input file names?

a. Intuitive Force
b. Hybrid
c. Dictionary
d. Directory traversal

Solution: The correct answer is A.

8Q: Jared’s company is utilizing an Apache server that came pre-loaded with default and sample files, plus applications, configuration files, scripts, and webpages. The server is set up to enable content management and remote administrative services; debugging is also enabled. Anonymous users are able to access the administrative functions of this server. What is the issue with this setup?

a. Runs a performance test on the server to check CPU utilization with default files and passwords.
b. Server misconfiguration attacks exist that are specifically aimed to discover and exploit this kind of setup on web and application servers.
c. There’s no issue so long as Jared deploys the server within the production application environment.
d. There’s no issue; the default features will allow users to leverage the server’s features and functions.

Solution: The correct answer is B.

9Q: As a senior developer, Rudy is cognizant of security threats and develops web application code that recognizes when a malicious user has made a URI request for a file or directory. Upon such a request, her code will actually build a full path to the file/directory (as long as it exists) and normalize every character (for example, %20 will be converted to spaces). Which of the below is she attempting to prevent?

a. Security misconfiguration
b. Cross site scripting
c. SQL injection
d. Directory traversal attacks

Solution: The correct answer is D.

10Q: On reviewing the pages of your online-based store, you discover that some changes have been made that you did not initiate or authorize. What kind of attack may have been launched against your web server?

a. Session hijacking
b. DoS or DDoS
c. DNS cache poisoning
d. Social engineering

Solution: The correct answer is C.

11Q: Michael wants to mitigate his web application against a specific vulnerability. He wants to make sure that user-supplied parameters placed into HTTP headers will be vetted for illegal characters, including carriage returns (%0d) and newlines (%0a). Which attack type is Michael attempting to stamp out?

a. SQL injection
b. HTTP response splitting
c. Broken authentication/Session Management
d. Security misconfiguration

Solution: The correct answer is B.

12Q: A hacker wants to launch a brute force attack but isn’t sure which port he should use. Which of the below is generally the target of such an attack? What can this attack accomplish?

a. Port 25: Emails may be sent from this open port.
b. Port 22: Remote login by guessing passwords/usernames.
c. Port 21: Check for available FTP accounts.
d. Port 80: Send repetitive or numerous TCP handshake attacks.

Solution: The correct answer is B.

13Q: In analyzing SSH logs for the security team, Amy realizes that two different attacks are being launched against the network. The attacker attempted to gain access by first utilizing a single user ID and then attempts hundreds of different passwords (password1, password2, password3, etc.). Then the attacker tried several different user IDs (userid1, userid2, userid3, etc.) with different passwords. Several IP addresses were apparent in the SSH. The most common attempts for user IDs included root, admin, administrator, MySQL, Oracle, Nagios. Which of the below attacks have been attempted against their network? Each correct answer represents a complete solution. Choose two.

a. Bit flipping attack
b. Replay attack
c. Brute force attack
d. Dictionary attack

Solution: The correct answers are C and D.

14Q: An attacker inserts an intermediary application between two hosts in the process of communicating with each other. What kind of attack does this represent?

a. Denial of Service
b. Password guessing
c. Dictionary
d. Man-in-the-middle

Solution: The correct answer is D.

15Q: A DNS server returns incorrect IP addresses and diverts traffic to the wrong machine. What has occurred?

a. TCP FIN scanning
b. DNS poisoning
c. TCP SYN scanning
d. Snooping

Solution: The correct answer is B.

16Q: Cryptographic techniques are utilized by encrypted viruses to prevent detection. Which of the below statements accurately describes encrypted viruses and their characteristics? (Select more than one answer if applicable.)

a. They will shield clients from DNS cache poisoning.
b. They allow DNS servers to transfer records away from the master server.
c. In outward appearance, they are very similar to polymorphic viruses.
d. Each infected machine will have a virus with a distinct signature.

Solution: The correct answers are C and D.

17Q: How can security professionals shield clients from the phony DNS data generated in DNS cache poisoning?

a. BINDER
b. Split-horizon DNS
c. Stub resolver
d. Domain Name System Extension (DNSSEC)

Solution: The correct answer is D.

18Q: Which protocol below is used for wireless networks and provides similar security as other protocols provide for wired networks?

a. WTLS
b. WAP
c. WEP
d. WPA2

Solution: The correct answer is D.

19Q: Benson sets the value of a watch at $269.00. A hacker modifies the watch’s value to $26.99 through an HTML editor. The hacker then submits the slightly modified HTML page, concluding a transaction for the item. What kind of attack did the hacker use to purchase the watch for a fraction of its intended cost?

a. SQL injection
b. Hidden field manipulation
c. Cross site scripting
d. Buffer overflow

Solution: The correct answer is B.

20Q: An attacker posts a message containing malicious code to a newsgroup site. When other users view his message, their browser interprets the code, executes it, and enables the attacker to control the users’ systems. What is this attack called?

a. Code injection attack
b. Buffer-overflow attack
c. Cross-site scripting attack
d. Replay attack

Solution: The correct answer is C.

21Q: Alex is a Network Security Administrator. Mandy, a coworker, approaches Alex to inform him that a few months ago, Mandyfilled in an online bank form on her work computer. Today, when she visited the bank’s site, she discovered that some of her personal information was still displayed on the web page, in the forms. Which of the below cookies should Alex disable to solve Mandy’s issue?

a. Persistent
b. Temporary
c. Session
d. Secure

Solution: The correct answer is A.

22Q: Soon after visiting your bank institution’s website, you inadvertently come across a malicious website. Your session on your bank’s site may still be valid, and the malicious website transmits a form post to the previous website. Your browser transmits the authentication cookie back to that site and seems to make a request on your behalf without your authorization. What kind of attack are you suffering?

a. CSRF attack
b. Stored cross site scripting attack
c. Reflected cross site scripting attack
d. Dom based cross-site scripting attack

Solution: The correct answer is A.

23Q: Which of the below is a proxy server used to test the security of web applications?

a. cURL
b. Instant Source
c. BURP
d. BlackWidow

Solution: The correct answer is C.

24Q: John is trying to implement key countermeasures to protect a web application against the most common attacks carried out on web applications. Which of the below represents a basic code check that will protect against the entries of malicious users?

a. ESAPI locators
b. Security Misconfiguration
c. Randomizers
d. Input validation

Solution: The correct answer is D.

You may also like: